[&] Which security attribute is NOT commonly used with cookies to enhance session security?
- Secure
- Asynchronous -- Correct
- HTTP only
- Same site

[&] What is a disadvantage of using URL-based session IDs?
- They consume less server resources
- They increase the complexity of session management
- They can be exposed in browser history and logs -- Correct
- They make use of additional headers in requests

[&] Which analogy best describes a session ID in the context of web application session management?
- A ticket stub for entry to an event -- Correct
- A receipt for a purchase
- An invitation to a party
- A key to access a building

[&] How do cookies contribute to session management in web applications?
- By encrypting HTTP traffic between user and server
- By holding session IDs that are sent with each request -- Correct
- By storing session data on the client's hard drive
- By maintaining a constant connection to the server

[&] Why is HTTP considered stateless, necessitating session management?
- HTTP does not inherently track user interactions -- Correct
- HTTP sessions expire every 24 hours
- HTTP only supports GET and POST methods
- HTTP does not save any server-side data

[&] What is the primary purpose of session management in web applications?
- To reduce server load by minimizing user data storage
- To encrypt user credentials during login
- To ensure high availability of the web application
- To allow users to access resources and maintain an active state without re-authentication -- Correct